Mattermost Peer-to-Peer Forum

Address is forbidden, how do I allow access


#1

Summary

I’m running mattermost server(5.4) locally.
url: developers.mattermost. com/contribute/server/developer-setup/.

im trying to get interactive messages working.
docs.mattermost.com/developer/interactive-messages.html
ive added “AllowedUntrustedInternalConnections” address to it.

I see the buttons i.stack.imgur.com/YGeFf.png

and when i click on the buttons, in the mattermost server logs i get the following:

“http_code”:400,“err_details”:“err=Post http://127.0.0.1:7357: address forbidden, you may need to set AllowedUntrustedInternalConnections to allow an integration access to your internal network”}

in the mattermost-server/config/config.json, ive tried updating below to various addresses
“AllowedUntrustedInternalConnections”: “0.0.0.0”
or
“localhost” , “127.0.0.1/8” “127.0.0.1”

for “127.0.0.1” i get 400 connection refused.
“http_code”:400,“err_details”:“err=Post http://127.0.0.1:7357: dial tcp 127.0.0.1:7357: connect: connection refused”}

i dont think ive overridden any with env variables(not sure how to check)

any ideas to get past the forbidden access?

Steps to reproduce

run mattermost server 5.4 locally (nothing special, standard local run with docker.
add interactive message buttons and press it
read the logs that address is forbidden

Expected behavior

expected to not have 400 error since i updated the config.json file

Observed behavior

got the error you see above.
ive tried what was shown here [SOLVED] Slash Command Issue: Address Forbidden after v4.2 Update


#2

Hi @jliukai,

What service are you trying to connect to? When you used 127.0.0.1 the service tried to connect to the localhost, but in that case it’s the docker container of Mattermost where no service is listening on that port. In order to allow Mattermost to connect to that service, you have to make sure that it’s reachable and use the correct IP in the AllowUntrustedInternalConenctions setting.

Example:
If you got a service listening on your Docker Host, and want to connect to it, you need to use the IP address of the Docker Host and not 127.0.0.1. On Windows and Mac you can use the host.docker.internal domain to resolve it, on Linux you have to check your interfaces. If your IP is e.g. 172.17.0.1 you then want to add that IP to the allow list and connect to 172.17.0.1:7357 from your interactive button.

Hope that makes it clear, please just let me know if you got another question.